CVE-2020-15095

EPSS 0.13%
Veröffentlicht 07.07.2020 19:15:10
Zuletzt bearbeitet 21.11.2024 05:04:47
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Sensitive information exposure through logs in npm cli

Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>". The password value is not redacted and is printed to stdout and also to any generated log files.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 11

NVD 4 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Npmjs ≫ Npm Version < 6.14.6

Opensuse ≫ Leap Version15.1

Opensuse ≫ Leap Version15.2

Fedoraproject ≫ Fedora Version33

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.13%	0.322

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.4	0.8	3.6	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N
nvd@nist.gov	1.9	3.4	2.9	AV:L/AC:M/Au:N/C:P/I:N/A:N
security-advisories@github.com	4.4	0.8	3.6	CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N